Story image

Addressing cybersecurity transparency for stronger protection

20 Sep 17

Security firm Aleron says that cybersecurity management is a complex problem and transparency can result in even more ambiguity.

Because every organisation uses different processes to security, this can result in inefficiencies and weaknesses, the company says.

If organisations are to stop attacks, they need to have clear views of the threats they face and the ability to develop risk mitigation strategies.

“Two things are happening every day: new cyberattacks are launched; and new tools and solutions to combat cyberattacks are introduced. The rapid pace at which the threat landscape is evolving makes it difficult for senior managers to know if the company’s investment in security is effective,” comments Aleron director Alex Morkos.

“On top of that, there is often disjointed communication between security teams and senior leaders. This is partially because highly-skilled cybersecurity professionals often lack sophisticated business communication skills.”

According to Aleron, there are five key challenges to achieving transparency:

•  Getting a clear picture of the cyber threats they face 
•  Understanding if their investment in cybersecurity solutions is effective 
•  Making well-informed cybersecurity decisions that meet the organisation’s overarching objectives 
•  Accessing the skills and resources needed to effectively protect the organisation 
•  Managing security governance and compliance. 

“Cybersecurity is a boardroom problem, yet information about cyber risks is not delivered as transparently and as clearly as it could be to that senior level, thus hindering board members’ understanding and ability to respond appropriately. To combat this problem, organisations need to find a better way to communicate the risks internally and respond appropriately,” Morkos says.

Organisations should consider choosing systems that allow accurate and simple views of the current risks, as well as ones that detail which risks businesses should focus on.

The company says that organisations must invest in tools and systems that also help them understand security risks, self-asses and gain quick insights into their security options.

Compliance tools can also accelerate problem identification, saving businesses time and money before an attack strikes.

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
GCSB welcomes Inspector-General's report on intelligence warrants
Intelligence warrants can include surveillance, private communications interception, searches of physical places and things, and the seizure of communications, information and things.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."